Privacy Policy

Effective: June 8, 2026 Last updated: June 8, 2026

In one paragraph

Boundless Networks, Inc. operates a (i) a public website at boundless.network and (ii) a public block explorer at explorer.boundless.network that surfaces activity on the Boundless prover network. The Boundless prover network is permissionless infrastructure that Boundless Networks, Inc. contributes software and tooling to but does not operate or control. We collect very little personal information through these properties. On the website we use a single, cookieless first-party analytics product to count visits. On the explorer we serve public on-chain data through our own backend, which means your browser does not have to talk to any third-party indexer to view the network. We do not sell your information, we do not run advertising trackers, and we honor privacy rights. The fastest way to reach us with a privacy question is privacy@boundless.network.

1. Who we are

This notice is published by Boundless Networks, Inc., a Delaware corporation (“Boundless,” “we,” “our,” or “us”). We can be reached at:

Privacy contact: privacy@boundless.network

General contact: Boundless Networks, Inc.; Attention: Privacy; 228 Park Avenue South, PMB 659510, New York, NY 10003

2. What this notice covers

This notice describes how Boundless handles personal information when you use the boundless.network website or the explorer.boundless.network network explorer (including any sub-path under either domain, such as /careers, /blog, or /all). A separate annex at the end of this document addresses what data, if any, Boundless processes about prover and operator counterparties who participate in the Boundless prover network.

This notice does not cover the underlying public blockchains whose transactional records the explorer displays. It also does not cover the Boundless prover network itself, which is permissionless infrastructure that Boundless Networks, Inc. contributes software and tooling to but does not operate or control. Those records are recorded on permissionless networks that Boundless does not control and cannot modify or delete. We explain the distinction in Section 5 below.

3. Information we collect

3a. Information you give us directly

You give us information directly only in the following situations. Outside these, our sites do not solicit personal information from visitors.

You apply to a job. The “Careers” page on boundless.network links to job postings hosted by Workable. When you apply, you submit your application materials (name, contact information, resume, and any other materials Workable’s form requests) to Workable, which processes that information as a service provider to Boundless for the purpose of recruiting. Workable’s privacy notice is at https://www.workable.com/privacy.

You email us. If you write to us at any Boundless address, including privacy@boundless.network, we receive the contents of your message and any contact information you include.

3b. Information collected automatically

When you visit boundless.network, we collect aggregated, cookieless, web-analytics events through Vercel Web Analytics, which is a first-party product run by our hosting provider, Vercel. The analytics data captured is limited to page views, referrer, country, device type, browser, and operating system. Vercel computes a daily-rotating salted hash from the visitor’s IP address and user agent for the sole purpose of counting unique visitors over a 24-hour window; the IP address is not stored in the analytics dataset, and the daily-rotating hash cannot be used to track an individual user across days. No persistent cookies are set.

When you use either boundless.network or explorer.boundless.network, our hosting provider Vercel writes server-request logs as a normal incident of serving the page. Those logs contain your IP address, your user agent, the URL you requested, the response code, response size, and the timing of the request. They are retained in accordance with Vercel policies (which policies are beyond the control of Boundless) and accessed only by Boundless personnel for operational, security, and debugging purposes, and by Vercel as our processor.

The explorer.boundless.network application talks to a first-party Boundless API (currently at /api/{chain}/{endpoint} on the same domain) to fetch the on-chain data it displays. That means your browser communicates only with Boundless infrastructure when you use the explorer; we do not transmit your IP address or browser identity to any third-party indexer, RPC provider, or analytics service in order to render the page. Calls to the API are logged in the same Vercel request logs described above.

We do not run third-party marketing pixels, session-replay tools, A/B-testing platforms, error-monitoring SDKs, support widgets, or third-party embeds on either in-scope surface.

3c. Information from third parties

We do not buy or rent personal information about visitors from data brokers or marketing networks. If you reach us through a referral from another website, our analytics may record that referrer URL.

3d. Public on-chain data displayed by the explorer

The explorer.boundless.network application surfaces information recorded on public blockchains, including transaction hashes, wallet addresses, order details, proof submissions, and similar data. This information is recorded by users and other participants directly on the relevant blockchain. The information is publicly available from any node operator, indexer, or other block explorer, and is observable independent of Boundless. Boundless is not the controller of the underlying on-chain record. Boundless displays this data as a publishing function; we do not generate it, we cannot alter it, and we cannot delete it from the blockchain.

4. How we use information

We use personal information for the following purposes:

Operating, securing, and improving the boundless.network website and the explorer.boundless.network application, including by analyzing aggregated traffic and diagnosing errors

Responding to messages you send us, including privacy requests, support requests, and general inquiries

Evaluating candidates for employment when you submit a job application through Workable

Complying with legal obligations, including responses to law-enforcement requests, tax and corporate-records obligations, and statutory privacy-rights workflows

Defending or asserting legal claims

We do not engage in solely automated decision-making that produces legal or similarly significant effects on you.

5. Sharing and disclosure

We share personal information only in the following circumstances.

Service providers. We use a small number of vendors that process personal information on our behalf as data processors or service providers, e.g.: Vercel (hosting and edge delivery for both surfaces, request logs, and Web Analytics; United States, with sub-processors as listed in Vercel’s data-processing addendum); Google LLC (Google Calendar appointment scheduling and Google Workspace for email; United States); and Workable (applicant-tracking system for job applications submitted through boundless.network/careers). Each of these vendors is bound by a data-processing agreement that restricts the use of personal information to the services they provide to us.

Legal disclosures. We may disclose personal information when we believe in good faith that disclosure is necessary to comply with law or legal process, to respond to lawful requests by public authorities, or to protect our rights, your safety, or the safety of others. We reserve the right to challenge requests we believe are overbroad or improperly issued, consistent with applicable law.

Business transfers. If Boundless or substantially all of its assets is acquired by or merged with another entity, personal information may be transferred as part of that transaction, subject to the protections of this notice and applicable law.

We do not sell personal information. We do not sell personal information for money, and we do not “share” personal information for cross-context behavioral advertising. We do not engage in “targeted advertising.”

6. Cookies and similar technologies

When you visit our websites, we do not put cookies on your device. A cookie is a small file that a website saves in your browser to remember things about you between visits. We do not use cookies on boundless.network. The tool we use to count visitors there counts visits without storing anything in your browser that could identify you the next time you come back.

If you connect a crypto wallet on explorer.boundless.network, your wallet software may save a small note in your browser so it can remember which wallet you used the next time you visit. That note stays in your browser. We do not see it, and we do not send it anywhere.

Some browsers let you turn on a setting called Global Privacy Control. When it is on, your browser sends every website you visit a signal that means “do not sell my personal information.” We respect that signal. We do not sell personal information about you in any case, so in practice the effect is that we confirm we are not doing so.

7. International data transfers

Boundless is established in the United States. When accessing our sites or services from outside the United States, your information is transferred to the United States and, depending on the request path, to other regions where our service providers operate.

8. How long we keep information

We keep personal information only as long as we need it for the purposes set out in Section 4, plus any further period required by law. We work to diligently and compliantly not retain information beyond a period reasonable or necessary to fulfill the purposes set out in Section 4.

9. Security

We work to protect personal information with technical and organizational measures appropriate to the risk, including encryption of data in transit using HTTPS, encryption at rest within our service providers’ infrastructure, role-based access controls limiting access to personal information to a small number of employees who need it, and contractual data-protection commitments from our service providers. However, no system is perfectly secure and you should not assume interaction with Boundless sites, services or properties are perfectly secure.

10. Your rights

The rights summarized below apply to the extent your local law grants them.

You may ask us to

(i) confirm whether we hold personal information about you and to provide a copy,

(ii) correct information that is inaccurate,

(iii) delete personal information that we no longer need or that we hold without an adequate basis,

(iv) restrict or object to certain processing,

(v) port your information to another service in a structured, commonly used format,

(vi) withdraw any consent you previously gave (without affecting the lawfulness of processing carried out before withdrawal), and/or

(vii) lodge a complaint with a data-protection or consumer-protection authority.

To exercise any of these rights, write to us at privacy@boundless.network. Include information sufficient and reasonable for us to identify you, the issue you are concerned with and your justification(s) and legal basis for having the concern. We will respond to properly formed queries within the statutory timeframe that applies to your jurisdiction, or, if no timeframe applies, within a reasonable time and in any event within 45 days of receipt. We may need to verify your identity before we can act on a request; for most requests we will ask for confirmation from the email address we have on file, plus enough information to match you to the record you are asking about. We do not charge a fee for the first request in a 12-month period.

If you reside in a jurisdiction not specifically named in this notice but you believe a local privacy law grants you a right with respect to your personal information, you may still submit a request at the address above, and we will honor the request to the extent your local law requires.

11. California-specific disclosures (CCPA / CPRA)

This section is provided to comply with the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”).

Categories of personal information collected in the past 12 months:

names, email addresses, resume content;

IP addresses;

page views, request paths and user agents;

We do not collect sensitive personal information within § 1798.140(ae).

Sources of collection. Directly from you and automatically from your interaction with our surfaces.

Business or commercial purposes. As set out in Section 4 above.

Disclosed to whom in the past 12 months. As set out in Section 5 above: service providers and, where legally compelled, governmental authorities.

Sale and sharing. We have not “sold” personal information and have not “shared” personal information for cross-context behavioral advertising in the past 12 months, and we do not anticipate doing so. We thus do not sell or share the personal information of consumers under 16 years of age.

Sensitive personal information. We do not collect or process sensitive personal information for any purpose other than the purposes delineated above and we therefore do not provide a “Limit the Use of My Sensitive Personal Information” link.

Retention. See Section 8 above.

California rights. California consumers may request access, deletion, correction, the right to know, and the right to opt out of sale or sharing (which, as noted, is not currently a feature of our processing). To exercise these rights, write to privacy@boundless.network. You may also authorize an agent to make a request on your behalf by providing the agent with written authorization and verifying the request through the methods described in Section 10. We will not discriminate against you for exercising your CCPA rights.

12. Exercising Your Right

To exercise any of the rights listed in this policy, including but not limited to its addenda, write to us at privacy@boundless.network. Include information sufficient and reasonable for us to identify you, the issue you are concerned with, your relevant justification(s) and any legal basis for the concern. We will respond to properly formed queries within the statutory timeframe that applies to your jurisdiction, or, if no timeframe applies, within a compliant, reasonable time. We may need to verify your identity before we can act on a request; for most requests we will ask for confirmation from the email address we have on file, plus enough information to match you to the record you are asking about. We do not charge a fee for the first request in a 12-month period.

13. Children

Boundless sites, properties and services are not directed to children under 13 years of age and we do not knowingly collect personal information from children under 13. The “Book a call” and “Careers” flows are directed to adults and the explorer requires functional literacy with wallet software, which in practice operates as a soft adult gate. If you believe a child has provided us with personal information, write to privacy@boundless.network and we will review the request and act appropriately.

14. Automated decision-making and AI

We do not make decisions about you that produce legal or similarly significant effects on you using solely automated means. The Boundless prover network involves substantial automated processing of proof requests, but that processing operates on cryptographic inputs submitted to the network and does not make decisions “about” any identified or identifiable individual.

We do not knowingly use personal information collected through our sites, properties or services to train large language models or other AI systems.

15. Changes to this notice

We will update this notice from time to time. The “Last updated” date at the top reflects the date of the most recent change. For material changes, we will post a notice on boundless.network before the change takes effect, and where required by law we will notify affected individuals through other means.

Addendum A: Other US state laws (Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Iowa, Tennessee, Delaware, New Hampshire, New Jersey, Nebraska, Maryland, Minnesota, Rhode Island, Indiana, Kentucky)

Residents of the named states have the right to confirm whether we process their personal data, to access a copy, to correct inaccuracies, to delete, to obtain a portable copy, and to opt out of the sale of personal data, of targeted advertising, and of profiling in furtherance of decisions that produce legal or similarly significant effects. We do not sell personal data, do not engage in targeted advertising, and do not engage in such profiling.

Addendum B: Residents of other jurisdictions

If you reside outside the United States and a privacy law applicable to you grants you rights with respect to your personal information processed by Boundless, you may submit a request to privacy@boundless.network, and we will honor that request to the extent your local law requires.

Addendum C: Candidate Privacy Notice (Workable applications)

This addendum applies when you apply for a job posted by Boundless through Workable, our applicant-tracking system. The processing it describes is separate from the processing of marketing-site visitors and explorer users described in Sections 3 through 13 above and is governed by this addendum.

Controller. Boundless Networks, Inc. is the controller of personal data submitted through a Workable application for the purpose of evaluating your candidacy and operating our recruiting process.

Workable's role. Workable Software, Limited operates the applicant-tracking platform and acts as our processor with respect to the data you submit through its application form. Workable's own use of platform data as a controller is governed by Workable's privacy notice at https://www.workable.com/privacy.

What we collect. Identification and contact information (name, email, phone), the contents of your application materials (resume, cover letter, links to portfolios or repositories, prior-employment information, work-authorization status), any optional demographic information you choose to provide for diversity-monitoring purposes, and any communications between you and Boundless during the recruiting process.

Why we process it. To evaluate your candidacy for the role you applied for; to consider you for other roles where applicable and to the extent you have so consented; to communicate with you about the process; to comply with employment-law and record-keeping obligations; and to defend any later challenge to a hiring decision.

Legal basis for EU and UK candidates. Where the EU GDPR or the UK GDPR applies to our processing of your application, we rely on the following bases under Article 6(1) and, where relevant, Article 9(2): legitimate interests for evaluating your candidacy, communicating with you, and defending hiring decisions; pre-contractual steps at your request where evaluation leads toward an offer; legal obligation for record-keeping and equal-employment monitoring as required by law; consent for any optional disclosures you choose to make; and, where you choose to share special-category data such as a medical accommodation, employment-law processing under Article 9(2)(b).

Recipients. Workable as processor; Boundless's hiring managers, recruiters, and other authorized personnel involved in the recruiting decision; our outside counsel and benefits providers as needed; if we extend an offer, our employer-of-record partner Deel; and any governmental authority where compelled by law.

Retention. We retain unsuccessful application materials for twelve months following the conclusion of the recruiting process unless you ask earlier, you have consented to be considered for future roles, or a longer period is required by law, after which the materials are deleted. Successful applicants' materials are integrated into an employment file maintained by Boundless and its contracted service providers.

International transfers. Workable processes data in the European Economic Area and the United States; Boundless's hiring personnel access the data in the United States and other countries where they are based. For transfers from the EEA or the United Kingdom to the United States, we rely on the EU Standard Contractual Clauses and the UK International Data Transfer Addendum, as documented in our data-processing agreement with Workable.

Your rights. Candidates in the EEA and the United Kingdom have the rights of access, correction, deletion, restriction, objection, data portability, withdrawal of consent, and the right to lodge a complaint with the relevant supervisory authority (the UK Information Commissioner's Office, or your national EU data-protection authority).

Our EU GDPR Representative is:

Rickert Rechtsanwaltsgesellschaft mbH
- Boundless Networks, Inc. -
Colmantstraße 15
53115 Bonn
Germany
art-27-rep-boundless@rickert.law

Our UK-GDPR Representative is:

Rickert Services Ltd UK
- Boundless Networks, Inc. -
PO Box 1487
Peterborough
PE1 9XX
United Kingdom
art-27-rep-boundless@rickert-services.uk

Automated decision-making. We do not make hiring decisions about you that produce legal or similarly significant effects on you using solely automated means. A human reviewer makes hiring decisions, including any decision to reject your application.

Annex D: Prover and Operator Notice

This annex describes how Boundless handles personal information about provers and operators participating in the Boundless prover network.

What we collect

Participation in the Boundless prover network is permissionless. Boundless does not require an account, a license agreement, or a know-your-customer disclosure as a condition of participation. The prover network operates against public blockchains using smart contracts; provers identify themselves on-chain through their wallet addresses, and the technical functions of the network (order matching, proof generation, reward distribution) occur on-chain without further data collection by Boundless.

We collect personal information from provers and operators only in the following limited situations:

You contact us. If a prover or operator contacts Boundless directly (by email, on Discord, or through a similar channel), we receive the contents of that communication and any contact information voluntarily shared.

You apply for a published opportunity. If Boundless publishes a paid program, grant, or partnership opportunity specifically for provers and a prover applies, we collect the information requested by that program’s application form. Such programs, if any, will be governed by their own terms.

We do not maintain a master “prover identity” database tying on-chain wallet addresses to real-world identities. The on-chain reputation, performance, and reward history of any prover address is publicly observable on the underlying blockchains and on the explorer.boundless.network application; that information is on-chain data within the meaning of Section 3d of the main notice and is not controlled by Boundless.

How we use what we collect

We use information provided by provers and operators only to respond to the communication, to operate the published program (if any), and to comply with applicable law.

Sharing

We do not share prover or operator information with third parties except as described in Section 5 of the main notice, or as required by law.

Rights

Provers and operators have the same rights set out in Section 10 of the main notice and may exercise them by writing to privacy@boundless.network as otherwise set forth herein.